Re: [PATCH v2 01/10] crypto: AF_ALG: add user space interface for AEAD

From: Herbert Xu
Date: Wed Nov 19 2014 - 01:46:12 EST

On Wed, Nov 19, 2014 at 07:30:52AM +0100, Stephan Mueller wrote:
> - these AD scatterlist chunks cannot be released after a normal encryption
> operation. The associated data must be available for multiple operations. So,
> while plaintext data is still flowing in, we need to keep operating with the
> same AD.

We don't start an AEAD operation until the entire input has been
received. Unlike ciphers you cannot process AEAD requests as you

So there is no need to special-case AD chunks since you will have
everything at your disposal before you can feed the request to the
crypto API.

> Thus I am wondering how the rather static nature of the AD can fit with the
> dynamic nature of the plaintext given the current implementation on how
> plaintext is handled in the kernel.
> To me, AD in league with an IV considering its rather static nature. Having
> said that, the IV is also not transported via the plaintext interface, but via
> a setsockopt. Shouldn't the AD be handled the same way?

AD is not like an IV at all. An IV is a fixed-size (and small)
input while AD can be of any length.

Think about how this is used in real life. For IPsec AD is the part
of the packet that we don't encrypt. So there is nothing fundamentally
different between AD and the plain-text that we do encrypt except
that you don't encrypt it :)

Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page:
PGP Key:
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at